[c-nsp] Problem with config for 7206 acting as a lns
Michael Ulitskiy
mulitskiy at acedsl.com
Fri Jun 12 01:10:09 EDT 2009
There are no such policy-maps defined in your config.
If you supply an undefined policy-map in a RADIUS VSA then Cisco just drops the connection.
Michael
On Thursday 11 June 2009 08:13:24 pm Samantha (Regional Connect) wrote:
> Hi
>
> I have the radius issuing the following attribute (example)
>
> lcp:interface-config#1=service-policy output 160
> lcp:interface-config#1=service-policy input 2560
>
> Now when the user authenticates, it closes the connection on the user.
> If I remove the attributes from radius (shaping after a user has reached a
> download limit)
> they stay connected.
>
>
>
>
> boot system flash disk0:c7200-xxxxxxxxxxxx
> aaa new-model
> !
> !
> aaa authentication login default local
> aaa authentication enable default enable
> aaa authentication ppp default group radius
> aaa authorization network l2tp group radius
> aaa accounting delay-start
> aaa accounting update periodic 5
> aaa accounting network default start-stop group radius
> aaa accounting network l2tp start-stop group radius
> aaa nas port extended
> aaa pod server auth-type any server-key xxxxxxxxxxxxxxxxx
> aaa session-id common
> enable secret 5 $1$BSPX$QS0/XG/J8WmSW7attjsTC/
> enable password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> clock timezone GMT 10
> ip subnet-zero
> no ip source-route
> !
> !
> ip name-server xxx.xxx.xxx.xxx
> ip name-server xxx.xxx.xxx.xxx
> ip name-server xxx.xxx.xxx.xxx
> !
> ip cef
> vpdn enable
> vpdn multihop
> vpdn aaa attribute nas-port vpdn-nas
> vpdn logging
> vpdn logging local
> vpdn logging tunnel-drop
> vpdn history failure table-size 50
> vpdn session-limit 1000
> ! Default L2TP VPDN group
> accept-dialin
> protocol l2tp
> virtual-template 1
> lcp renegotiation always
> l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
> !
> !
> !
> voice call carrier capacity active
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> interface FastEthernet1/0
> description LNS Link to Network
> ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
> duplex full
> ipv6 address xxx.xxx.xxx.xxx /48
> ipv6 enable
> no cdp enable
> !
> interface FastEthernet2/0
> no ip address
> duplex full
> no cdp enable
> no mop enabled
> !
> interface FastEthernet2/0.1027
> encapsulation dot1Q 1027
> ip address 125.xxx.xxx.xxx 255.255.xxx.xxx
> no cdp enable
> !
> interface FastEthernet2/0.1028
> encapsulation dot1Q 1028
> ip address 125.xxx.xxx.xxx 255.255.xxx.xxx
> no cdp enable
> !
> interface Virtual-Template1
> description Customer DSL-Sessions via L2TP
> ip unnumbered FastEthernet1/0
> ip access-group 110 out
> peer default ip address pool default
> ppp authentication pap chap radius
> ppp authorization l2tp
> ppp accounting l2tp
> ppp multilink
> !
> router ospf 1
> router-id 202.xxx.xxx.xxx
> log-adjacency-changes
> redistribute connected subnets
> redistribute static subnets
> passive-interface FastEthernet2/0
> passive-interface FastEthernet2/0.1027
> passive-interface FastEthernet2/0.1028
> network 202.xxx.xxx.xxx 0.0.0.255 area 0.0.0.0
> !
> ip local pool default xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
> ip classless
> ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
> ip route xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx FastEthernet1/0
> no ip http server
> !
> !
> access-list 110 permit ip any any
> no cdp run
> ipv6 route xxx.xxx.xxx.xxx 48 FastEthernet1/0
> ipv6 route ::/0 xxx.xxx.xxx.xxx
> !
> snmp-server community public RO 99
> snmp-server location Equinix Sydney
> snmp-server contact xxx.xxx.xxx.xxx
> snmp-server chassis-id lns1.c7206
> snmp-server enable traps tty
> !
> !
> radius-server configure-nas
> radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
> radius-server retransmit 3
> radius-server key xxxxxxxxxxx
> radius-server authorization permit missing Service-Type
> radius-server vsa send accounting
> radius-server vsa send authentication
> no call rsvp-sync
> !
> !
> mgcp profile default
> !
> dial-peer cor custom
> !
> !
> !
> !
> gatekeeper
> shutdown
> !
> !
> line con 0
> stopbits 1
> line aux 0
> stopbits 1
> line vty 0 4
> !
> ntp clock-period 17179650
> ntp master 4
> ntp server 192.189.54.17
> ntp server 202.47.112.1
> ntp server 192.189.54.65
> !
>
>
> Thanks
>
>
> Sam
>
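A pre-deployment check for the failure described in the reply, as an added example that is not part of the original thread: it lists every policy-map named in a RADIUS `lcp:interface-config` service-policy attribute that the LNS config does not define. The function names and the sample config fragment are constructed for illustration; the two attributes are the ones from the post.

```python
import re

# Constructed sample: a running-config fragment that, like the config quoted
# in the thread, contains no policy-map definitions.
SAMPLE_CONFIG = """\
interface Virtual-Template1
 ip unnumbered FastEthernet1/0
 ppp authentication pap chap radius
!
access-list 110 permit ip any any
"""

# The two per-user attributes from the post, plus one unrelated constructed
# attribute to show that non-interface-config VSAs are ignored.
SAMPLE_AVPAIRS = [
    "lcp:interface-config#1=service-policy output 160",
    "lcp:interface-config#1=service-policy input 2560",
    "ip:addr-pool=default",
]

# "policy-map NAME" or "policy-map type TYPE NAME" at the start of a line.
POLICY_DEF = re.compile(r"^policy-map\s+(?:type\s+\S+\s+)?(\S+)\s*$", re.MULTILINE)
SERVICE_POLICY = re.compile(r"\bservice-policy\s+(input|output)\s+(\S+)")


def defined_policy_maps(config_text):
    """Names of all policy-maps defined in the given config text."""
    return set(POLICY_DEF.findall(config_text))


def referenced_policy_maps(avpairs):
    """(direction, name) for each service-policy pushed via lcp:interface-config."""
    refs = []
    for avpair in avpairs:
        prefix, _, command = avpair.partition("=")
        if not prefix.strip().lower().startswith("lcp:interface-config"):
            continue  # not a per-user interface command
        refs.extend(m.groups() for m in SERVICE_POLICY.finditer(command))
    return refs


def missing_policy_maps(config_text, avpairs):
    """References whose policy-map does not exist on the router."""
    defined = defined_policy_maps(config_text)
    return [(d, n) for d, n in referenced_policy_maps(avpairs) if n not in defined]


if __name__ == "__main__":
    for direction, name in missing_policy_maps(SAMPLE_CONFIG, SAMPLE_AVPAIRS):
        print(f"undefined policy-map {name!r} referenced for {direction}")
```

Running it against the saved running-config and the RADIUS user profiles before a shaping attribute is rolled out shows which users would be disconnected at authentication.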